CN111434088A - Data processing method - Google Patents

Data processing method Download PDF

Info

Publication number
CN111434088A
CN111434088A CN201880078469.3A CN201880078469A CN111434088A CN 111434088 A CN111434088 A CN 111434088A CN 201880078469 A CN201880078469 A CN 201880078469A CN 111434088 A CN111434088 A CN 111434088A
Authority
CN
China
Prior art keywords
identifier
recipient
data packet
packet
sniffer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201880078469.3A
Other languages
Chinese (zh)
Other versions
CN111434088B (en
Inventor
S·林兰德
F·斯卡希尔
T·特维尔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
British Telecommunications PLC
Original Assignee
British Telecommunications PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by British Telecommunications PLC filed Critical British Telecommunications PLC
Publication of CN111434088A publication Critical patent/CN111434088A/en
Application granted granted Critical
Publication of CN111434088B publication Critical patent/CN111434088B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Abstract

A method of processing a data packet received by a packet sniffer (401), the data packet comprising an associated identifier (402), the method comprising: transmitting the data packet to a recipient, determining whether the identifier corresponds to a particular network, wherein if it is determined that the identifier corresponds to the particular network, providing the identifier to the recipient; and if it is determined that the identifier does not correspond to the particular network, the identifier is not provided to the recipient (403).

Description

Data processing method
In order to perform diagnostics on a device, a packet sniffer may be used that captures copies of data packets sent by neighboring devices and uploads these copies to a server for diagnostic processing.
In such an arrangement, the sniffer may capture data packets from a third party owned device (rather than the user owned). These third party data packets affect the communication environment. For example, a third party may be downloading a large amount of data, thus reducing the bandwidth available to the user's device. Therefore, it is desirable to include third party data packages in the diagnostic process.
According to a first aspect of the present invention, there is provided a method of processing a data packet received by a packet sniffer, the data packet comprising an associated identifier, the method comprising:
the data packet is transmitted to the receiving party,
determining whether the identifier corresponds to a particular network;
wherein if it is determined that the identifier corresponds to the particular network, providing the identifier to the recipient; and is
If it is determined that the identifier does not correspond to a particular network, the identifier is not provided to the recipient.
Uploading third party data to a server, where the data contains identity information about the third party, causes privacy concerns and is therefore undesirable. These privacy issues may be avoided by, for example, removing identity information from the data packet before uploading the data packet to the server. However, this prevents the diagnostic process from identifying client devices that are not performing properly. The invention enables a method to be performed in which both client data and third party data are made available for diagnostic analysis at a recipient server without violating the privacy of the third party. Since identity information about the third party is not sent to the server, the privacy of the third party is not violated.
The step of providing the identifier to the recipient may be performed after the recipient receives the data packet. The data packet may not contain an identifier when it is sent to the recipient. The step of providing the identifier to the recipient may be performed separately from the step of sending the data packet to the recipient. The step of providing the identifier to the recipient may comprise sending a data file containing the identifier to the recipient, the data file being different from the data package.
In a presently preferred embodiment, the step of transmitting the data packet to the recipient comprises providing the identifier to the recipient in encoded form. The encoded identifier may be transmitted to the recipient as part of a data packet. The encoded identifier may be in the form of a reference code. The step of providing the identifier in encoded form to the recipient may comprise overwriting the identifier with the encoded identifier. The step of transmitting the data packet to the receiving side may be performed through a wired channel.
In some embodiments, the data packet contains a single identifier. The identifier may include a MAC address. Alternatively, the identifier may comprise an SSID. In a presently preferred embodiment, the data packet contains a plurality of identifiers. In embodiments where the data packet comprises a plurality of identifiers, the method may be performed in respect of each of the plurality of identifiers. The plurality of identifiers may include one or more MAC addresses and/or one or more SSIDs. The plurality of identifiers may include three to six MAC addresses. Each MAC address may correspond to any of: the device from which the packet originated, the device that sent the packet, the device to which the packet was sent, and the device that is the ultimate destination of the packet. The plurality of identifiers may include one or more SSIDs.
The method may further include receiving a packet including the identifier and a reference code, the packet including the identifier and the reference code, and transmitting the packet to a receiver, the packet including the identifier and the reference code, the decoding information being recorded in a table.
The step of determining whether the identifier corresponds to a particular network may include comparing the identifier to a list of devices that have been associated with the particular network. The device list may be provided by an access point of the network. If it is determined that the identifier does not correspond to a particular network, the identifier and the decoding information associated with the identifier may be deleted from the record.
The sniffer may be adapted to capture a copy of the wirelessly transmitted data packet. The sniffer may be located near an access point of the network.
The receiver may receive the transmitted data packet and may transmit the received data packet to another receiver for diagnostic processing.
The method may include a preliminary determination step of determining whether the identifier corresponds to a particular network before performing the step of transmitting the data packet to the recipient. In a presently preferred embodiment, the data packet sent to the recipient contains the identifier in non-encoded form if it is determined in this preliminary determination step that the identifier corresponds to a particular network. If it is determined in this preliminary determination step that the identifier does not correspond to a particular network, the method proceeds according to the presently preferred embodiment of the invention defined above. In an alternative embodiment, the data packet sent to the recipient contains the identifier in encoded form if it is determined in this preliminary determination step that the identifier corresponds to a particular network.
The method may be performed by a data processing device, which may be associated with a sniffer and may be adapted to perform the method on data packets received by the relevant sniffer. The data processing device may comprise a member device of a particular network and may comprise an access point to the particular network. The sniffer may be adapted to capture data packets from the access point. In some embodiments, the method is performed at more than one location. In these embodiments, there may be a plurality of data processing devices, each of which may have an associated sniffer.
If data packets received at more than one sniffer contain the same identifier, the identifier may be sent to the receiving party in the same encoded form. This makes the process of decoding the encoded identifier less problematic. An initial coded form may be assigned to the identifier. The initial encoding form may be replaced by a master encoding form.
According to a second aspect of the present invention, there is provided a network device adapted to process data packets, the network device comprising
A transmitter adapted to transmit the data packet to a recipient;
a determiner adapted to determine whether the identifier corresponds to a particular network;
wherein if the determiner determines that the identifier corresponds to a particular network, the network device is adapted to provide the identifier to the recipient; and is
If the determiner determines that the identifier does not correspond to a particular network, the network device is adapted to not provide the identifier to the recipient.
The network device is further adapted to perform all the steps of the method according to the first aspect of the invention as defined above.
For purposes of illustration only, specific embodiments of the present invention will now be described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a schematic illustration of L AN adapted to perform a method in accordance with the present invention, the L AN comprising a single access point;
FIG. 2 is a schematic illustration of a data packet on which a method according to the invention may be performed;
FIG. 3 is a schematic illustration of a look-up table used in the method according to the invention;
FIG. 4 is a flow chart illustrating an embodiment of a method according to the present invention;
fig. 5 is a schematic diagram of L AN adapted to perform a method according to the invention, the L AN comprising two access points.
Detailed Description
A schematic representation of a typical wireless L AN is shown in fig. 1 and indicated at 1. in particular, L AN 1 includes a plurality of client devices 2. these will be referred to as L AN clients 2. these L AN clients 2 are part of L AN 1 and are associated with access point 4. in particular, L AN clients 2 are capable of wirelessly transmitting packets 3 to access point 4 and wirelessly receiving packets 3 from access point 4. it is noted that, although the example L AN 1 shown in fig. 1 includes only one access point 4, L AN 1 may include more than one access point 4.
Fig. 1 also shows a third party device 5 located outside L AN 1, this third party device 5 is not part of L AN and therefore is not associated with access point 4 (although the third party device 5 may be part of its own third party L AN (not shown in the figure)).
Fig. 1 also shows a sniffer 60. the sniffer 60 is located near the access point 4 and is able to wirelessly receive data packets 3 from L AN both the client 2 and the third party device 5. the sniffer 60 can process the data packets 3 it receives and can upload the data packets 3 to the server 7. when the third party device 5 wirelessly sends data packets 3, such data packets 3 can be received by the sniffer 60. the sniffer 60 uploads both the client data packets 3 and the third party data packets 3 to the server 7.
Fig. 2 is a schematic representation of a typical data packet 3 used according to the invention. In particular, there is a header 20, which header 20 contains, among other things, a MAC address 21 and an SSID 22. Although only one MAC address is shown, a typical packet has from one to six MAC addresses. These MAC addresses include the MAC addresses of the device from which the packet 3 originates, the device that sent the packet, the device that will next receive the packet, and the device that is the ultimate destination of the packet 3. Furthermore, although one SSID is shown in fig. 2, the data packet 3 may have zero, one, or more than one SSID. Further, the MAC address and SSID may be located in the header or body of the packet 3.
The payload 23 of packet 3 is also shown in fig. 2 the payload 23 may contain, among other things, EAPo L data 24 EAPo L data 24 is used in the process of authenticating the sender of packet 3.
In some known systems, diagnostic processing of the type of L AN shown in fig. 1 includes a sniffer that sends packets of all data (i.e., both client packets and third party packets) to the server 7, whereby diagnostic processing is applied to the packets with the intent of determining whether the client device is performing efficiently.
The present invention anonymizes some or all of the MAC address and SSID in the data packet 3 before sending the data packet 3 to the server 7 for diagnostic processing. A first embodiment of the present invention will now be described.
In a first embodiment of the invention, the packet 3 is received by the sniffer 60, the MAC address 21 and SSID22 on the packet are read, the sniffer 60 receives information from the access point 4 about which devices are L AN 1 client devices 2 if the MAC address 21 and SSID22 indicate that the packet 3 was sent by L AN 1 client devices 2, then the MAC address 21 and SSID22 are not anonymized (i.e. they are not overwritten by the MAC code 10 and SSID code 11) before being sent to the server 7, but rather the packet is sent to the server in a non-anonymous form with the MAC address 21 and SSID 22. these packets are stored at the sniffer 60 and then sent to the server 7 in batches the MAC address and SSID22 of the packet are entered into the lookup tables 14, 15 with a flag indicating that the device has been associated with L AN.
If the MAC address 21 and SSID22 indicate that the packet 3 was sent by a device other than the client device 2 of L AN 1, then the sending device must be either (i) a third party device, or (ii) a device that is part of the network, but at the time of sending, the sniffer 60 has not observed that the device has successfully associated to L AN 1.
If the MAC address 21 and SSID22 indicate that the packet 3 received at the sniffer 60 was sent by a device other than the client device 2 of L AN 1, the MAC address 21 is entered into the look-up table 14 (see fig. 3) then a reference code (referred to as MAC code 10) is assigned to each MAC address the MAC code 10 may have a simple form (e.g., MAC-1) the MAC code 10 enters into the look-up table 14 in the same row as its corresponding MAC address 21 but into the second column then the MAC address 21 in the packet 3 is overwritten by its assigned MAC code 10.
A similar method is then applied to the SSID22 of the data packet. In particular, one or more SSIDs 22 from the data packet 3 are entered into the second look-up table 15. Then, a reference code (which will be referred to as SSID code 11) is assigned to each SSID 22. The SSID code 11 enters the same row of the lookup table 15 as the SSID22, but enters the second column. Each SSID22 in the data packet 3 is then overwritten by its corresponding SSID code 11.
The data packet is truncated to remove the payload 23. In this way, the payload 23 is not uploaded to the server 7 (as uploading the payload of a third party data package to the server may violate the privacy of the third party).
If the access point 4 indicates to the sniffer 60 that a successful authentication has occurred between the client device 2 and L AN 1, a flag is set in the look-up tables 14, 15 next to the MAC address/SSID corresponding to this device 2. this flag is set in the "L AN device" column 50 of the look-up tables 14, 15 (see fig. 3). the sniffer 60 periodically sends a batch of anonymized data packets 3 to the server 7. when it is desired to send such a batch of data packets, a copy of each look-up table in the look-up tables 14, 15 is made. all entries in the L AN device column that do not have a flag are deleted (or "trimmed") from the copy of the look-up tables 14, 15. these trimmed look-up tables are sent to the server together with this batch of anonymized data packets 3. the server uses the trimmed look-up tables 14, 15 to de-anonymize the anonymized MAC address and SSID in the anonymized data packets 3 it receives. the trimmed look-up tables 14, 15 contain the anonymized MAC address and SSID corresponding to the MAC code 10 that was most recently associated with the client device (the ad-up table) and hence the third party device is not able to prevent its attack on the third party MAC address or SSID.
In a second embodiment of the invention, the MAC addresses and SSIDs of all packets 3 received at the sniffer 60 are anonymized, not just those corresponding to devices not associated to L AN 1. this anonymization is as described in relation to the first embodiment. in particular, when any packet is received at the sniffer 60, the MAC address 21 of the packet 3 is entered into the look-up table 14 (see FIG. 3). then, the MAC code 10 is assigned to each MAC address and entered into the same row of the look-up table 14 as its corresponding MAC address 21, but into the second column. then, the MAC address 21 in the packet 3 is overwritten by its assigned MAC code 10. zero or more SSIDs 22 from the packet 3 are entered into the second look-up table 15. then, SSID code 11 is assigned to each SSID 22. SSID code 11 is entered into the same row of the look-up table 15 as SSID22, but then into the second column. SSID code 22 in the packet 3 is overwritten by its corresponding SSID code 11.
As in the first embodiment, the data packet is truncated to remove the payload 23. In this way, the payload 23 is not uploaded to the server 7 (as uploading the payload of a third party data package to the server may violate the privacy of the third party).
If the MAC/SSID of the packet 3 received by the sniffer 60 corresponds to a device which can be determined to be part of L AN 1, a flag is set in the look-up tables 14, 15 next to the MAC address/SSID corresponding to this device 2. a flag is set in the "L AN device" column 50 of the look-up tables 14, 15 (see fig. 3). if the device 2 is not associated with L AN 1 at the start of the session, a MAC address/SSID entry will be entered into the look-up tables 14, 15, but not any flag will be entered. if the device 2 is associated with L AN 1 during the session, when the sniffer 60 receives a packet containing the MAC address/SSID corresponding to this device, the sniffer 60 will detect that the corresponding device 2 is now associated with L AN 1 and will therefore enter a flag into the look-up tables 14, 15 next to the MAC address/SSID corresponding to this device, so in this second embodiment, a set for the MAC address/SSID corresponding to the device pair) next to the anonymous packet sent from the look-up table 14, 15, and a periodic sniffer will send a copy of this sniffer 14, a packet to the anonymous look-up table 14, 15, which has been sent from the anonymous copy, a server, a, which had no such a sniffer 14, a list, which had been created when the sniffer had been received, has been created, a, has been created, a copy, a packet, has been sent from the sniffer, a list, has been sent, a list of all the sniffer 14, has been created, a list 3, has been created, and a list of all the sniffer 14, has been created when the anonymous copy of the sniffer 14, has been created, has been.
Thus, the trimmed look-up tables 14, 15 uploaded to the server contain only the MAC code 10 and SSID code 11 corresponding to devices associated with L AN 1. the trimmed look-up tables do not contain the MAC code 10 or SSID code corresponding to third party devices.
The method is performed at a data processing device. The data processing device receives data packets from the associated sniffer and processes the data packets according to the invention.
Fig. 4 is a flow chart summarizing the steps according to a second embodiment of the invention and including the following steps. Step 401: sniffer 60 receives data packet 3. Step 402: the MAC address 21 and SSID22 of the data packet 3 and their corresponding assigned codes are entered into a look-up table. Step 403: the MAC address 21 and SSID22 are overwritten in the header of the data packet 3 with the respective assigned codes. Step 404: the data packet 3 is sent to the server 7. Step 405: in the fourth column of both look-up tables 14, 15, a flag is set for all entries corresponding to data packets 3 sent by the client device 2. Step 406: all unmarked entries are deleted from the look-up tables 14, 15. Step 407: both look-up tables 14, 15 are sent to the server 7.
Multi-sniffer arrangement
In some embodiments, there is more than one data processing device associated with a particular network, each of the data processing devices having an associated sniffer (see fig. 5). The respective data processing device 160, 260 performs the method according to the invention as described above. The inventors have realized that if data packets containing the same MAC address or SSID are processed by different processing devices, there is a risk that the respective data processing devices assign different reference codes to the MAC address or SSID. This may mean that the MAC address or SSID cannot be decoded correctly at the server. It is therefore desirable to ensure that the same reference code is assigned to the same MAC address or SSID. To achieve this, one data processing device is defined as a master device 160 and the other data processing devices are defined as slave devices 260. Only one slave device 260 is shown in fig. 5. When the data packet 103 is processed by the slave device 260, the slave device 260 assigns an initial reference code to each MAC address/SSID and transmits the reference code and MAC address/SSID to the master device 160. If the master device 160 has previously received the MAC address/SSID, the master device 160 sends its reference code assigned to the MAC address/SSID to all slave devices 260. If the primary device 160 has not previously received the MAC address/SSID, the primary device 160 assigns a reference code to the MAC address/SSID. The master device 160 then (i) sends its assigned reference code to all slave devices, which replace any initial reference codes they have assigned with the master reference code in the data packet 103 and the look-up table; or (ii) enter the master reference code and the initial code of the slave into a mapping table (not shown). In arrangement (i), the server 107 decodes the MAC address/SSID in the data packet 103 it receives using separate look-up tables for the master and slave devices. In arrangement (ii), the server 107 uses the mapping table to decode the MAC address/SSID in the packet 103 it receives.

Claims (14)

1. A method of processing a data packet received by a packet sniffer, the data packet comprising a correlation identifier, the method comprising: sending the data packet to a recipient, determining whether the identifier corresponds to a particular network; wherein if it is determined that the identifier corresponds to the particular network, the identifier is provided to the recipient; and not providing the identifier to the recipient if it is determined that the identifier does not correspond to the particular network.
2. The method of claim 1, wherein the step of transmitting the data packet to a recipient comprises providing the identifier to the recipient in an encoded form.
3. A method according to claim 1 or 2, wherein the data packet contains a plurality of identifiers and the method is performed in respect of each of the plurality of identifiers.
4. The method of any preceding claim, wherein the plurality of identifiers comprises one or more MAC addresses.
5. The method of claim 4, wherein the plurality of identifiers comprises three to six MAC addresses, including three and six.
6. The method of any preceding claim, wherein the plurality of identifiers comprises one or more SSIDs.
7. A method according to any preceding claim, wherein the step of providing the identifier to a recipient comprises sending decoding information to the recipient to enable the encoded identifier to be decoded.
8. The method of claim 7, wherein the decoding information comprises a reference code.
9. The method of claim 7 or 8, wherein the decoding information is recorded in a table.
10. The method of any of claims 7 to 9, wherein the decoding information is sent to the recipient separately from the data packet.
11. The method of any preceding claim, wherein the recipient is a server.
12. The method of any preceding claim, wherein the particular network is L AN.
13. A method according to any preceding claim, wherein the method further comprises removing some or all of the payload of the data packet before sending the data packet to the recipient.
14. A network device adapted to process data packets, the network device comprising: a transmitter adapted to transmit a data packet to a recipient; a determiner adapted to determine whether the identifier corresponds to a particular network; wherein the network device is adapted to provide the identifier to the recipient if the determiner determines that the identifier corresponds to the particular network; and if the determiner determines that the identifier does not correspond to the particular network, the network device is adapted to not provide the identifier to the recipient.
CN201880078469.3A 2018-01-08 2018-12-21 Data processing method Active CN111434088B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP18150645 2018-01-08
EP18150645.2 2018-01-08
PCT/EP2018/086578 WO2019134858A1 (en) 2018-01-08 2018-12-21 Data processing method

Publications (2)

Publication Number Publication Date
CN111434088A true CN111434088A (en) 2020-07-17
CN111434088B CN111434088B (en) 2022-09-27

Family

ID=61022107

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880078469.3A Active CN111434088B (en) 2018-01-08 2018-12-21 Data processing method

Country Status (4)

Country Link
US (1) US11336623B2 (en)
EP (1) EP3738286B1 (en)
CN (1) CN111434088B (en)
WO (1) WO2019134858A1 (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095514A1 (en) * 2001-01-12 2002-07-18 International Business Machines Corporation Method and system for disguising a computer system's identity on a network by disguising the system's MAC address
US20040006642A1 (en) * 2002-07-06 2004-01-08 Kyung-Hun Jang Method of guaranteeing users' anonymity and wireless local area network (LAN) system therefor
US20050249225A1 (en) * 2004-05-10 2005-11-10 Singhal Tara C Method and apparatus for packet source validation architecture system for enhanced Internet security
CN1714542A (en) * 2002-10-11 2005-12-28 松下电器产业株式会社 Identification information protection method in WLAN interconnection
CN1917462A (en) * 2005-08-19 2007-02-21 三星电子株式会社 Transmitting frames in wireless local area network (wlan)
CN101068251A (en) * 2006-05-02 2007-11-07 捷讯研究有限公司 Apparatuses and method for generating and transmitting an anonymous routing identifier to maintain privacy of a sip user agent's identity
EP2115618A1 (en) * 2007-01-29 2009-11-11 Feeva Technology, Inc. Systems and methods of information/network processing, including tag-based insertion and related features
US8862537B1 (en) * 2011-06-30 2014-10-14 Sumo Logic Selective structure preserving obfuscation
CN104247369A (en) * 2012-02-22 2014-12-24 高通股份有限公司 Method and equipment for blurring equipment tags
CN104255059A (en) * 2011-10-12 2014-12-31 欧姆尼特雷尔有限责任公司 Presence platform for passive radio access network-to-radio access network device transition
CN104604206A (en) * 2012-08-29 2015-05-06 高通股份有限公司 Obfuscating a MAC address
CN106027527A (en) * 2016-05-23 2016-10-12 华中科技大学 Anonymous communication method based on software defined network (SDN) environment

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002003219A1 (en) 2000-06-30 2002-01-10 Plurimus Corporation Method and system for monitoring online computer network behavior and creating online behavior profiles
US9137670B2 (en) 2003-02-18 2015-09-15 Hewlett-Packard Development Company, L.P. Method for detecting rogue devices operating in wireless and wired computer network environments
US7984169B2 (en) 2006-06-28 2011-07-19 Microsoft Corporation Anonymous and secure network-based interaction
FI20070029L (en) 2007-01-12 2008-07-13 Valtion Teknillinen Anonymous user identifiers that connect to data communications traffic measurement data
US20150195710A1 (en) * 2014-01-07 2015-07-09 Adam M. Bar-Niv Apparatus, method and system of obfuscating a wireless communication network identifier
US9860229B2 (en) * 2015-01-19 2018-01-02 Sas Institute Inc. Integrated data extraction and retrieval system
US20180124013A1 (en) * 2016-10-31 2018-05-03 Aruba Networks, Inc. Enforcing privacy addressing

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095514A1 (en) * 2001-01-12 2002-07-18 International Business Machines Corporation Method and system for disguising a computer system's identity on a network by disguising the system's MAC address
US20040006642A1 (en) * 2002-07-06 2004-01-08 Kyung-Hun Jang Method of guaranteeing users' anonymity and wireless local area network (LAN) system therefor
CN1714542A (en) * 2002-10-11 2005-12-28 松下电器产业株式会社 Identification information protection method in WLAN interconnection
US20050249225A1 (en) * 2004-05-10 2005-11-10 Singhal Tara C Method and apparatus for packet source validation architecture system for enhanced Internet security
CN1917462A (en) * 2005-08-19 2007-02-21 三星电子株式会社 Transmitting frames in wireless local area network (wlan)
CN101068251A (en) * 2006-05-02 2007-11-07 捷讯研究有限公司 Apparatuses and method for generating and transmitting an anonymous routing identifier to maintain privacy of a sip user agent's identity
EP2115618A1 (en) * 2007-01-29 2009-11-11 Feeva Technology, Inc. Systems and methods of information/network processing, including tag-based insertion and related features
US8862537B1 (en) * 2011-06-30 2014-10-14 Sumo Logic Selective structure preserving obfuscation
CN104255059A (en) * 2011-10-12 2014-12-31 欧姆尼特雷尔有限责任公司 Presence platform for passive radio access network-to-radio access network device transition
CN104247369A (en) * 2012-02-22 2014-12-24 高通股份有限公司 Method and equipment for blurring equipment tags
CN104604206A (en) * 2012-08-29 2015-05-06 高通股份有限公司 Obfuscating a MAC address
CN106027527A (en) * 2016-05-23 2016-10-12 华中科技大学 Anonymous communication method based on software defined network (SDN) environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王相林等: "一种基于源IP地址的信息隐藏技术", 《计算机应用与软件》 *

Also Published As

Publication number Publication date
US20200336469A1 (en) 2020-10-22
CN111434088B (en) 2022-09-27
EP3738286B1 (en) 2022-02-23
EP3738286A1 (en) 2020-11-18
US11336623B2 (en) 2022-05-17
WO2019134858A1 (en) 2019-07-11

Similar Documents

Publication Publication Date Title
US20200275248A1 (en) Method for discriminating between unicast device to device (d2d) communication and groupcast d2d communication
US8428064B2 (en) Wireless communication device, mac address management system, wireless communication method, and program
US10321493B2 (en) Method for establishing connection by terminal, apparatus, and system
US10512103B2 (en) Methods and apparatus to transmit data in a connectionless mode
CN110113306B (en) Method and network device for distributing data
US7765402B2 (en) System and methods for the wireless delivery of a message
CN111031078A (en) Communication method and device
CN110602055A (en) Long connection authentication method, device, server and storage medium
CN113515766A (en) File transmission method and device
CN113114589A (en) Cross-network data secure transmission system and method
US20180083777A1 (en) Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols
KR102015612B1 (en) Apparatus for providing terminal management and message filtering in Loral network and method thereof
KR101224225B1 (en) Submit report handling in smsip
CN111434088B (en) Data processing method
US20200236089A1 (en) Rdma-based data transmission method, network interface card, server and medium
CN110830421B (en) Data transmission method and device
CN110913351A (en) Multicast control method, device, network equipment and storage medium
GB2569993A (en) Data processing method
WO2023046177A1 (en) Unmanned aerial vehicle data encryption transmission method and apparatus, device, and storage medium
CN113596742B (en) Data transmission method and device
WO2016065638A1 (en) Data transmission method and device
CN106604305B (en) Wireless network configuration method and device and terminal
CN107800758B (en) Wind control data processing method, device and system
CN114980101A (en) Access method, device, equipment and storage medium of wireless network
CN111683368B (en) Pairing method using SSID, audio and video data transmission system and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant